"Linux Gazette...making Linux just a little more fun!"

IP Masquerading with Roadrunner or Second Ethernet Card

This is for Red Hat 5.0 systems. You can probably do a similar thing
for other Linux systems. It is specifically configured for roadrunner in
Columbus, Ohio. If you live somewhere else, you will have to change
anything with "columbus" in the configuration to something else. So far,
the only thing I see you have to change is in /etc/resolv.conf, but I
believe that gets changed every time you start rrdhcpcd.

If you manage to pull this off, you are almost one step away from being
able to install a real network to the internet. Think about it, the
only difference between what we are doing here and a real network
connected to the internet is the fact that your local intranet doesn't
have real valid ip addresses. If you had real valid ip addresses and your
gateway address stayed the same (it changes every time you log into
roadrunner) then you would have a real fixed network connected to the
internet. Do this, and you can actually say you have real networking
experience. This involves ethernet, DNS, ip forwarding, ip masquerading,
ethernet configuration, and a lot of other stuff. Good luck!

I also wish to thank a bunch of people at The Ohio State University for
their suggestions. I hope I was able to implement them correctly!

Setup your DNS on the server.
Just use my examples. I have it setup for 9 computers
if you need that many. Also, you must have the DNS
rpm installed. Here is a
dns caching server from my cheapbytes Redhat 5.0 cdrom.

Short way

THIS SHORT SECTION ONLY WORKS IF YOU MANAGE to get both ethernet cards
detected with modules. It will probably not work for most people.

This will probably only work with RedHat 5.0.
You must not deviate from these steps. For some reason, the installation
of redhat detected both ethernet cards properly and also the kernel
has ip forwarding in the kernel. It just needs to be enabled. Thus,
installing your own network is just a bunch of file copying and a couple
of commands and you are done. Be sure to install roadrunner with
Windows95 first to get a configuration file.

1. Install both ethernet cards before you install RedHat 5.0
The two ethernet cards I used were 3com 3c509.
The first had values of, irq=10, address=300 and the second had
irq=11, address=310.
Also, when you install RedHat 5.0, go ahead and install it for a LAN
and have it autoprobe the ethernet cards. I cannot figure it out, but
when I installed redhat after installing these two ethernet cards, it
gets them both every time, when before it wouldn't. When it comes close to
the end of the RedHat 5.0 installation, it will ask you to select which
services you want started on bootup. I turn off
sendmail and smb. I do this because it hung on me at boot time.
When you install RedHat 5.0, install everything. I did. You also shouldn't
have to change /etc/lilo.conf.

2. You don't need to recompile the kernel. Just add this file to yours:
/etc/rc.d/rc.local. Also, add the krb5.ini file in C:\NETMANAG for
Windows95 to /etc/krb5.conf.
Also, make a file called "/etc/rrpasswd" which only has one line on
it which is the password for your roadrunner username.

5. Download rrclientd-1.3, untar and ungzip it, and
copy all the files in rrclientd-1.3/bin to /sbin. For example, if you
are in rrclientd-1.3/bin, execute "cp * /sbin". I had the binaries
when I got mine, so hopefully you won't have to compile them.
Compiling with the new libraries Red Hat has had has been tricky
at times.

You may have to alter the /etc/services file as it says in the
README file for rrclientd-1.3.

11. If you have any problems whatsoever, all I can say is, make sure your
timezone is correct and that your time is not ahead of the current time
by one second or behind it by more than 5 minutes, and if that doesn't
help, use the rest of the instructions I have.

First ethernet card

Install your first ethernet card as normal when you install the operating
system. Give it a phony ip address you will not use on your network.
For some reason, this ethernet card has to be the one connected to the
outside in order to get everything to work right with xwindows
forwarding. Now, let me state, I had to do this for only people coming
in. Going out, you should have no problem with the second ethernet card
being the one hooked up to roadrunner. However, I could never telnet in
from work to my house and get an xwindows program to work when
roadrunner was using the second ethernet card.
The second ethernet card will be for the intranet.

Also, setup your second ethernet card to NOT use the same irq and
address of your first ethernet card. Traditionally, I use lower
irq and address for my first ethernet card compared to the second. Often
I use a dos computer using a dos program to set the values for the
ethernet cards. You will probably have to do this as well.

Don't do anything with roadrunner or your rrdhcpcd program yet.
Also, don't worry about the network configurations yet, we will take
care of it later. Also don't worry about the fact Linux probably
won't see the second ethernet card, we will take care of this later.
Just make sure the ethernet cards don't use the same hardware values.
Also, if your second ethernet card has a lower irq and address than the
first, the computer might think it is the first, so I believe there
really is a reason why I make the first ethernet card with the lower
values. I ain't gonna test if I am wrong. You should just make sure
at least one ethernet card is detected.

Setup your DNS server on your server connected to the internet.

If you know what you are doing, you can
change the configurations. Because I am silly, I chose
the domain "mark.local". If "mark.local" ever becomes an
official domain, then you will have to change every occurrence of
"mark.local" to something else in the files below.

/etc/hosts is a file
I would use, but don't need. Just in case your dns server
fails, this is handy for a backup.

Leave /var/named/named.ca and named.local the same

Restart named with this command
/etc/rc.d/init.d/named restart

There are a couple of things you could change for your own
personal needs. In
/var/named/mark.local, I disabled localhost definition.

Now at least your client computers can find each other. I assume you
know how to set up ip addresses, gateways, and other stuff for your
clients. I will give some pointers on this anyway. Set up clients
to use the DNS server.

Setup your client computers

In your computer that is acting like the DNS server, I have up to
eight additional entries in the dns server so that you can have up to
eight computers using the dns server. I am assuming you know a little
bit about ethernet cards. Here are the configurations I
did for a computer of mine.

Setup masquerading on the server

If you were able to get your module(s) to detect both ethernet cards,
then this section doesn't apply. But if you could not get the modules
to recognize both ethernet cards, which will be the case for most people,
you MUST COMPILE THE DRIVER of the ethernet card into your
kernel and also compile in the masquerading bit. I have had problems
getting modules to work with 2 ethernet cards of the same type.
Somehow, when I installed RedHat 5.0 from scratch, it got both of
my ethernet cards, but it was probably an unusual case.

Read the ip masquerading HOWTO. Follow its steps
on compiling the kernel for masquerading.
NOTE -- VERY DANGEROUS if you screw this up. About
installing the kernel: RedHat did something
silly when they configured the /etc/lilo.conf file.
Change this line "image=/boot/vmlinuz-2.0.32" to
"image=/boot/vmlinuz" and make sure you run "lilo"
at some point before you reboot your computer. Do it
now to be safe.

1. And also, these are the steps I use to compile the kernel, first
configure it like the howto says
cd /usr/src/linux
make config

2. and when that is done, compile it
make dep
make clean
make zImage

3. and if it worked, compile and install the modules
make modules
make modules_install

4. After you created your kernel,
do the following steps to install your new kernel.

That should install your kernel if you compiled it.
Here is an example of my
/etc/lilo.conf file.

YOUR /etc/lilo.conf WILL NOT BE THE SAME AS MINE. Change /etc/lilo.conf
for your specific needs and please read about append in the BOOTPROMPT
howto before you use it.
You will have to modify this file yourself.
Add the append statement like I did for two ethernet cards.

Change some configuration files

Use these files.

Change /etc/rc.d/rc.local
which will start the ip masquerading. Actually, ADD THIS
to your rc.local file and do not overwrite it.

Change /etc/sysconfig/network
and remember that these values
don't mean anything and will get changed once you log into
the internet.

Hook up the network.

Put your gateway server computer between the roadrunner
box and the hub.

Reboot the computer.

Hook up all your other computers to the hub.

See if you can ping or connect from a client computer
to your gateway computer. If so good.

See if your internal computers can see each other. You don't
need the gateway computer to do this, this is just
to check to see if your hub is working. Telnet, ping,
ftp, or others should work. For example, "ping c1"
would ping your c1.mark.local computer. If you used
/etc/hosts like I told you to, you don't need the
gateway server to resolve the ip address. Or you could
just do "ping 10.0.0.21" to do the same thing.

Specifically, you should hook up the first ethernet card to the roadrunner
modem thing and the second ethernet card to the hub.

Now we need to get your gateway computer connected to the internet.

Connect your gateway to the internet.

Did you remember to first install roadrunner on a Windows95
computer to get the configuration files? If not, you had better.

Download the
rrclientd-1.3.tar.gz and rrdhcpcd-1.02.tar.gz files.
You don't need rrdhcpcd-1.02.tar.gz unless you want to compile as
it has a binary contained in rrclientd-1.3.tar.gz.
Here are the brief instructions on what to do, but read the
README file that comes with rrclientd-1.3.tar.gz. It tells you
in better detail what to do next. Use rrdhcpcd instead of dhcpcd.
It works better and seems to initiate faster.

Create a /etc/rrpasswd file that contains the password
for your account. Run a "chmod 700 /etc/rrpasswd"
command if you only want root to be able to read it.

Make changes to your /etc/services file as said in the readme
file from rrclientd-1.3.tar.gz.

Copy the binaries you need for rrclientd into
/sbin, or at least, that is what I did. The rest
of this document will assume you put your
binaries in /sbin.

Make sure the time on your computer is not ahead of the
current time and not behind by more than 5 minutes.
Also, make sure your timezone is correct.

I am going to assume you are using rrdhcpcd. If you don't
have a binary of it, you will have to compile it.
Execute these commands to make sure you have the correct
links to use the new programs you copied to /sbin.
mv /sbin/dhcpcd /sbin/dhcpcd_old
mv /usr/sbin/dhcpcd /usr/sbin/dhcpcd_old
mv /usr/bin/rdate /usr/bin/rdate_old

Once you have installed rrclientd-1.3.tar.gz properly,
use this file /root/Login.bat to
start your login session with "source /root/Login.bat". Remember to
change USERNAME in the file to whatever username it is that you have.
In my script, I stop and start rrdhcpcd, which is unnecessary. Once
rrdhcpcd is started, it tries to renew the ip address every 3 hours.
Thus, you should never have to stop rrdhcpcd, but I do it anyways.

Setting roadrunner up as a service.

You need to set your ethernet card to use the dhcp protocol and to have
roadrunner as an activated service in order for it to start when
your computer is turned on. This worked for me. I read the dhcpcd program
(and probably rrdhcpcd does the same thing) tries to renew the ip
address every 3 hours. This is good. This means users don't have to start
and stop it.

B. Now use the control panel. Log in as root and use xwindows. "startx"
will start xwindows at the prompt if you don't have xdm running.
The control-panel should be there. This next step will set the first
ethernet card to use dhcp which we replaced with rrdhcp (the computer
doesn't know any better).

Click on the "Network Configuration" icon in the
control panel.

Click on "Interfaces".

Click on "eth0"

Click on "edit"

OPTIONAL: Click on "Allow user to (de)active interface".

Choose "dhcp" for Interface configuration protocol.

Click somewhere to save the changes.

Okay, we got rrdhcpcd running by setting the first ethernet card to use
the protocol dhcp and we installed the roadrunner service which uses rrclientd.

Reboot your computer and see what happens!

You should be connected to the internet when your server boots up as
well as all your clients.
If you use a web browser, you might have to set it to use the
"proxy-server" on port 8080. Programs like telnet, ssh, nslookup, ftp,
and ping should work. Actually, ping might work with just rrdhcpcd being
activated.

Starting and stopping the roadrunner service and rrdhcpcd.

But of course, that is a little drastic. Rrdhcpcd supposedly tries to
renew the ip address every 3 hours, so you should never have to start
and stop it. That is good because it takes a while to initiate and
stalls the network.

Why would you want to stop and start the roadrunner service?
Well, in theory, rrdhcpcd should get the same ip address 99% of the time
if you leave it on all the time. If it doesn't, you are screwed and you
will have to restart the roadrunner service. Thus, instead of using my
/root/Login.bat script, just put into the cron for the roadrunner service
to be stopped and started at specific times. Use the files
/root/Login2.bat and
/root/cron2 and
/root/email.pl.
Make sure you do a "chmod 755 /root/Login2.bat /root/email.pl".
And also do a "crontab /root/cron2". Oh, uh, if you had other stuff
cronned as root, I would "add the cron stuff" or otherwise you are
going to blow away your previous cron jobs.

Also, a quote from Joshua Jackson when I e-mailed him about what
problems you might have being logged in all the time.

If for some reason you lose your IP address (this SHOULD NOT happen under
normal circumstances), your Kerberos tickets and GSS auth info would become
invalid. If this happens, rrclientd will exit and you will need to log
back in.
The only reason that you would lose your IP address would either be a
hardware/software malfunction at either the client or server end or a
reset of the dhcp servers at RR.
Joshua Jackson

Other things

Use this section at your own risk.
This stuff I plan to elaborate more on given that some people have
made good suggestions about them. For updates to this webpage, look
at
http://linux.med.ohio-state.edu/nielsen/rr.html, but that might even
change someday. NONE OF THIS STUFF in this section is explained well.
Modifications are probably in order at some point. This is just what
I would do.

If you don't set up the roadrunner service and bind rrdhcpcd
to the ethernet card but you want to stay connected
almost 24 hours a day, you could do something like send yourself
e-mail once an hour using a perl script and a cron job on your
gateway server, and issue the command "crontab cron" to get it started.
The /root/cron file uses the /root/Login.bat file, so you need it also.
Also use the /root/Kill.bat file to kill it at 1 a.m. You don't have to,
I do. Do a "chmod 755 /root/email.pl /root/Kill.bat
/root/Login.bat". Modify the stuff as you see fit. Also, add this to your
/etc/rc.d/rc.local file and replace USERNAME with the
username you use for roadrunner. This will start the
stuff at boot time if you didn't set it up to do so
with the roadrunner service and control panel.

If you are interested in what programs you can use,
telnet, ssh, ftp, ping, nslookup, and xwindows programs
seem to work. I have heard other ones do as well.
Some of the resources in "References" above mention other
things like ircs and other stuff.

In /etc/inetd.conf, I would comment out ftp, telnet, rsh,
pop3, pop2, imap, and gopher for security reasons.
Compile and install ssh.
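
One way to check which of those services are still enabled, as an added
example (not part of the original article). It assumes the standard
inetd.conf layout, where rsh appears under the service name "shell" and
pop2/pop3 as "pop-2"/"pop-3"; the sample file and function names are
constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for the cleartext services named above.
# inetd.conf uses /etc/services names: rsh = "shell", pop2/pop3 = "pop-2"/"pop-3".
RISKY="ftp telnet shell pop-3 pop-2 imap gopher"

# Print "<service> <protocol>" for every risky service that is still enabled.
# A line whose first non-blank character is '#' is disabled.
enabled_risky_services() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/   { next }      # commented out
        NF < 6       { next }      # blank or malformed entry
        ($1 in want) { print $1, $3 }
    ' "$1"
}

# Write a copy of $1 to $2 with the risky services commented out.
# The original file is left untouched so it can be reviewed and diffed first.
disable_risky_services() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in want) { print "#" $0; next }
        { print }
    ' "$1" > "$2"
}

# Constructed sample in the style of an inetd.conf (not taken from a real host).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#gopher stream  tcp     nowait  root    /usr/sbin/tcpd  gn
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
#pop-3  stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
EOF
}

# Demo on the constructed sample; on a real gateway pass /etc/inetd.conf instead.
sample=$(mktemp) && write_sample "$sample"
enabled_risky_services "$sample"
rm -f "$sample"
```

After editing the real file, send inetd a SIGHUP so it rereads its
configuration.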

If you are interested in fixing /etc/resolv.conf so that it
doesn't change, do a "chmod 444 /etc/dhcpc/resolv.conf"
after you configure it. I recommend you only add
information like nameservers and domains, like mine is

domain columbus.rr.com
search mark.local columbus.rr.com
nameserver 10.0.0.10 ### this is our DNS
nameserver 204.210.252.18 ### this is the roadrunner dns
nameserver 128.146.1.7 ### ONLY FOR OSU PEOPLE IN COLUMBUS OHIO!

### You can probably use our dns first if you want. Actually, I would.

/var/named/mark.local for server

mark.local. IN SOA main.mark.local. root.main.mark.local. (
                1997022700 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
mark.local. IN NS main.mark.local.
;localhost IN A 127.0.0.1
main.mark.local. IN A 10.0.0.10
c1.mark.local. IN A 10.0.0.21
c2.mark.local. IN A 10.0.0.22
c3.mark.local. IN A 10.0.0.23
c4.mark.local. IN A 10.0.0.24
c5.mark.local. IN A 10.0.0.25
c6.mark.local. IN A 10.0.0.26
c7.mark.local. IN A 10.0.0.27
c8.mark.local. IN A 10.0.0.28